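<?php
/**
 * Approve or reject a transaction, then redirect to the transaction list.
 *
 * Request parameters (read from $_REQUEST):
 *   id     - numeric transaction id (required)
 *   status - numeric value written to transactions.approved; 2 means "rejected"
 *   reason - free-text reason; must be non-empty when status is 2
 *
 * Rejecting (status 2) is refused when the row already has approved = 1.
 * When a rejection arrives without a reason, a form asking for it is shown and
 * nothing is written until that form is submitted.
 */
include("../config.php");
session_start();

// NOTE(review): no authorization check is visible here even though the session
// is started; confirm that config.php (or a front controller) verifies that
// the caller is allowed to approve or reject transactions.
// NOTE(review): the update is reachable through $_REQUEST (so also via GET) and
// carries no anti-CSRF token; consider requiring POST plus a per-session token.

$rawId     = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
$rawStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : '';
$rawReason = isset($_REQUEST['reason']) ? $_REQUEST['reason'] : '';

// The id ends up inside SQL and inside an HTML attribute, so accept only a
// plain positive decimal number. is_string() rejects array input (id[]=...).
if (!is_string($rawId) || !preg_match('/\A[0-9]{1,18}\z/', $rawId) || (int) $rawId === 0) {
    echo "wrong id";
    exit;
}
$id = (int) $rawId;

// The status is written to the database as-is, so it must be numeric as well.
if (!is_string($rawStatus) || !preg_match('/\A[0-9]{1,9}\z/', $rawStatus)) {
    echo "wrong status";
    exit;
}
$status = (int) $rawStatus;

$reason = is_string($rawReason) ? $rawReason : '';

if ($status === 2) {
    // A transaction that is already approved cannot be rejected afterwards.
    $res = dbQuery("select approved from transactions where id='" . $id . "'");
    if (!$res) {
        // Keep driver error details in the server log rather than in the response.
        error_log((string) dbError());
        die("database error");
    }

    $row = dbFetchArray($res);
    if (!$row) {
        echo "wrong id";
        exit;
    }

    if ($row['approved'] == 1) {
        echo "you can't disapprove an approved transaction";
        exit;
    }

    if (trim($reason) === '') {
        // Ask for the reason first. Stopping here means the row is not marked
        // as rejected with an empty reason before the form has been submitted.
        ?>
        <form method="post">
            Please enter reason for rejection: <textarea name="reason" cols="50" rows="20"></textarea><BR><input type='submit' name='submit' value='reject'>
            <input type='hidden' name='id' value='<?php echo $id; ?>'>
            <input type='hidden' name='status' value='2'>
        </form>
        <?php
        exit;
    }
}

// $id and $status are integers at this point. The reason is free text.
// NOTE(review): addslashes() is a stopgap that assumes a backend using
// backslash escapes and a single-byte or UTF-8 connection charset. The driver
// behind dbQuery() is not visible from this file; replace this with the
// connection's own escaping routine or a prepared statement.
$safeReason = addslashes($reason);

$ok = dbQuery(
    "update transactions set approved = '" . $status . "',reason='" . $safeReason . "' where id='" . $id . "'"
);
if (!$ok) {
    error_log((string) dbError());
    die("database error");
}

header("Location: transactions.php");
exit;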
